
Re: [Snort-users] I can not see it

Subject: Re: [Snort-users] I can not see it
Date: Thu, 5 Oct 2006 12:39:12 -0500
Snort starts as a service - "service snort start or restart or stop" are the
options there.  In order to shift your sensor to eth1 you need to modify the
snort startup script in the /etc/init.d directory to change the default eth0
to eth1
nwo

On 10/5/06, Greta.Ji@sungard.com <Greta.Ji@sungard.com> wrote:


That is another question of mine. When I run "snort start", I get the prompt:
        Starting snort service:

What should I enter? I know there is a lot of reading, but I have just started.


Thank you,

--Greta

-----Original Message-----
From: Patrick S. Harper [mailto:patrick@internetsecurityguru.com]
Sent: Thursday, October 05, 2006 12:54 PM
To: Ji, Greta; kisero@gmail.com
Cc: Snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] I can not see it

You will need to change the interface in your init script then restart
snort


-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of
Greta.Ji@sungard.com
Sent: Thursday, October 05, 2006 9:37 AM
To: kisero@gmail.com
Cc: Snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it

Esteban,

Thank you for answering my mail. I spent a few hours and finally fixed the
problem.
When I use "tcpdump -i eth1", I can see the traffic sent from the switch.
I have another problem. Snort/BASE only captures eth0 traffic, which I
use for the monitor connection. I cannot see traffic on eth1.

How can I get Snort to sniff eth1 traffic? I checked snort.conf, and I did
not find anywhere to set it.

Thank you for all of your help,

--Greta
________________________________

From: Esteban Ribicic [mailto:kisero@gmail.com]
Sent: Thursday, October 05, 2006 10:12 AM
To: Ji, Greta
Cc: Snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it


Maybe you are confusing the NIC you must sniff; try tcpdump -i any -n (under Linux).


On 10/3/06, Greta.Ji@sungard.com <Greta.Ji@sungard.com> wrote:

        Hi,

        I am a new user on this list. I have a simple problem, and hope
        to get some help. I just installed Snort 2.6 on CentOS. I followed
        the document to bring eth1 up (eth0 has an IP to connect to the
        Internal network). But I cannot see any traffic on eth1
        (tcpdump -i eth1). I checked the switch, and I can see traffic on
        the interface (# sh interface f0/8):

            monitor session 1 source interface Fa0/2
            monitor session 1 destination interface Fa0/8

             270471 packets output, 65224246 bytes, 0 underruns

        Am I missing anything here? Could someone help me?

        Thank you,

        --Greta


        _______________________________________________
        Snort-users mailing list
        Snort-users@lists.sourceforge.net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
        Snort-users list archive:
        http://www.geocrawler.com/redir-sf.php3?list=snort-users








-- Now at this last we must take a hard road, a road unforseen. There lies our hope, if hope it be. To walk into peril to Mordor.
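
Added example, not part of the thread or of any Snort package: a small shell helper for the change the replies describe, switching the interface in the init script from eth0 to eth1 while keeping a backup. The script layout (an `INTERFACE=` variable and/or a literal `-i <iface>` on snort command lines), the sample script and the function names are assumptions; real init scripts differ by package.

```sh
#!/bin/sh
# Added example. Assumption: the init script keeps the interface in an
# INTERFACE= variable and/or a literal "-i <iface>" on snort command lines.
# Usage: set_snort_iface /etc/init.d/<snort-script> eth1, then restart snort.

# Constructed sample init script (not taken from any real package).
make_sample_init() {
    cat > "$1" <<'EOF'
#!/bin/sh
INTERFACE=eth0
CONF=/etc/snort/snort.conf
start() {
    echo -n "Starting snort service: "
    /usr/sbin/snort -D -i $INTERFACE -c $CONF
}
debug() {
    /usr/sbin/snort -v -i eth0 -c $CONF
}
EOF
}

# Print the interface the script is currently set to sniff.
current_snort_iface() {
    sed -n 's/^[[:space:]]*INTERFACE=\([A-Za-z0-9._-]*\).*/\1/p' "$1" | head -n 1
}

# set_snort_iface FILE NEW_IFACE: rewrite the interface, keeping FILE.bak.
set_snort_iface() {
    file=$1 new=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    case $new in   # accept plain interface names only
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $new" >&2; return 1 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    # 1st rule: the INTERFACE= assignment; 2nd rule: hard-coded "-i <iface>"
    # on lines that mention snort ("-i $INTERFACE" is left untouched).
    sed -e "s/^\([[:space:]]*INTERFACE=\).*/\1$new/" \
        -e "/snort/s/\(-i[[:space:]]\{1,\}\)[A-Za-z0-9._-]\{1,\}/\1$new/" \
        "$file.bak" > "$file"
}
```

After the edit, running `tcpdump -i eth1` alongside Snort, as in the thread, confirms that the mirrored traffic reaches the interface Snort is now bound to.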